From 73837b11db3647b54b27300cd37a0a1dda8e1d09 Mon Sep 17 00:00:00 2001
From: Michael Crosby <crosbymichael@gmail.com>
Date: Thu, 8 Feb 2018 11:30:24 -0500
Subject: [PATCH] Update runc to a618ab5a0186905949ee463dbb762c3d23e

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
---
 RUNC.md                                       |   2 +-
 vendor.conf                                   |   2 +-
 .../runc/libcontainer/nsenter/nsexec.c        | 107 +++++++++---------
 3 files changed, 55 insertions(+), 56 deletions(-)

diff --git a/RUNC.md b/RUNC.md
index 9d3e32627..1eb9abfaf 100644
--- a/RUNC.md
+++ b/RUNC.md
@@ -2,7 +2,7 @@ containerd is built with OCI support and with support for advanced features prov
 
 We depend on a specific `runc` version when dealing with advanced features.  You should have a specific runc build for development.  The current supported runc commit is:
 
-RUNC_COMMIT = 9f9c96235cc97674e935002fc3d78361b696a69e
+RUNC_COMMIT = a618ab5a0186905949ee463dbb762c3d23e12a80
 
 For more information on how to clone and build runc see the runc Building [documentation](https://github.com/opencontainers/runc#building).
 
diff --git a/vendor.conf b/vendor.conf
index bd9359413..e45d75d37 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -16,7 +16,7 @@ github.com/docker/go-units v0.3.1
 github.com/gogo/protobuf v0.5
 github.com/golang/protobuf 1643683e1b54a9e88ad26d98f81400c8c9d9f4f9
 github.com/opencontainers/runtime-spec v1.0.1
-github.com/opencontainers/runc 9f9c96235cc97674e935002fc3d78361b696a69e
+github.com/opencontainers/runc a618ab5a0186905949ee463dbb762c3d23e12a80
 github.com/sirupsen/logrus v1.0.0
 github.com/containerd/btrfs cc52c4dea2ce11a44e6639e561bb5c2af9ada9e3
 github.com/stretchr/testify v1.1.4
diff --git a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c
index a6a107e6e..2c69cee5d 100644
--- a/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c
+++ b/vendor/github.com/opencontainers/runc/libcontainer/nsenter/nsexec.c
@@ -22,7 +22,6 @@
 #include <sys/types.h>
 #include <sys/wait.h>
 
-
 #include <linux/limits.h>
 #include <linux/netlink.h>
 #include <linux/types.h>
@@ -32,15 +31,15 @@
 
 /* Synchronisation values. */
 enum sync_t {
-	SYNC_USERMAP_PLS = 0x40, /* Request parent to map our users. */
-	SYNC_USERMAP_ACK = 0x41, /* Mapping finished by the parent. */
-	SYNC_RECVPID_PLS = 0x42, /* Tell parent we're sending the PID. */
-	SYNC_RECVPID_ACK = 0x43, /* PID was correctly received by parent. */
-	SYNC_GRANDCHILD  = 0x44, /* The grandchild is ready to run. */
-	SYNC_CHILD_READY = 0x45, /* The child or grandchild is ready to return. */
+	SYNC_USERMAP_PLS = 0x40,	/* Request parent to map our users. */
+	SYNC_USERMAP_ACK = 0x41,	/* Mapping finished by the parent. */
+	SYNC_RECVPID_PLS = 0x42,	/* Tell parent we're sending the PID. */
+	SYNC_RECVPID_ACK = 0x43,	/* PID was correctly received by parent. */
+	SYNC_GRANDCHILD = 0x44,	/* The grandchild is ready to run. */
+	SYNC_CHILD_READY = 0x45,	/* The child or grandchild is ready to return. */
 
 	/* XXX: This doesn't help with segfaults and other such issues. */
-	SYNC_ERR = 0xFF, /* Fatal error, no turning back. The error code follows. */
+	SYNC_ERR = 0xFF,	/* Fatal error, no turning back. The error code follows. */
 };
 
 /* longjmp() arguments. */
@@ -73,7 +72,7 @@ struct nlconfig_t {
 	char *oom_score_adj;
 	size_t oom_score_adj_len;
 
-	/* User namespace settings.*/
+	/* User namespace settings. */
 	char *uidmap;
 	size_t uidmap_len;
 	char *gidmap;
@@ -82,7 +81,7 @@ struct nlconfig_t {
 	size_t namespaces_len;
 	uint8_t is_setgroup;
 
-	/* Rootless container settings.*/
+	/* Rootless container settings. */
 	uint8_t is_rootless;
 	char *uidmappath;
 	size_t uidmappath_len;
@@ -167,7 +166,7 @@ static int write_file(char *data, size_t data_len, char *pathfmt, ...)
 		goto out;
 	}
 
-out:
+ out:
 	close(fd);
 	return ret;
 }
@@ -184,16 +183,16 @@ static void update_setgroups(int pid, enum policy_t setgroup)
 	char *policy;
 
 	switch (setgroup) {
-		case SETGROUPS_ALLOW:
-			policy = "allow";
-			break;
-		case SETGROUPS_DENY:
-			policy = "deny";
-			break;
-		case SETGROUPS_DEFAULT:
-		default:
-			/* Nothing to do. */
-			return;
+	case SETGROUPS_ALLOW:
+		policy = "allow";
+		break;
+	case SETGROUPS_DENY:
+		policy = "deny";
+		break;
+	case SETGROUPS_DEFAULT:
+	default:
+		/* Nothing to do. */
+		return;
 	}
 
 	if (write_file(policy, strlen(policy), "/proc/%d/setgroups", pid) < 0) {
@@ -226,14 +225,14 @@ static int try_mapping_tool(const char *app, int pid, char *map, size_t map_len)
 	if (!child) {
 #define MAX_ARGV 20
 		char *argv[MAX_ARGV];
-		char *envp[] = {NULL};
+		char *envp[] = { NULL };
 		char pid_fmt[16];
 		int argc = 0;
 		char *next;
 
 		snprintf(pid_fmt, 16, "%d", pid);
 
-		argv[argc++] = (char *) app;
+		argv[argc++] = (char *)app;
 		argv[argc++] = pid_fmt;
 		/*
 		 * Convert the map string into a list of argument that
@@ -319,7 +318,7 @@ static int clone_parent(jmp_buf *env, int jmpval) __attribute__ ((noinline));
 static int clone_parent(jmp_buf *env, int jmpval)
 {
 	struct clone_t ca = {
-		.env    = env,
+		.env = env,
 		.jmpval = jmpval,
 	};
 
@@ -533,7 +532,7 @@ void nsexec(void)
 	int pipenum;
 	jmp_buf env;
 	int sync_child_pipe[2], sync_grandchild_pipe[2];
-	struct nlconfig_t config = {0};
+	struct nlconfig_t config = { 0 };
 
 	/*
 	 * If we don't have an init pipe, just return to the go routine.
@@ -630,21 +629,21 @@ void nsexec(void)
 	 */
 
 	switch (setjmp(env)) {
-	/*
-	 * Stage 0: We're in the parent. Our job is just to create a new child
-	 *          (stage 1: JUMP_CHILD) process and write its uid_map and
-	 *          gid_map. That process will go on to create a new process, then
-	 *          it will send us its PID which we will send to the bootstrap
-	 *          process.
-	 */
-	case JUMP_PARENT: {
+		/*
+		 * Stage 0: We're in the parent. Our job is just to create a new child
+		 *          (stage 1: JUMP_CHILD) process and write its uid_map and
+		 *          gid_map. That process will go on to create a new process, then
+		 *          it will send us its PID which we will send to the bootstrap
+		 *          process.
+		 */
+	case JUMP_PARENT:{
 			int len;
 			pid_t child, first_child = -1;
 			char buf[JSON_MAX];
 			bool ready = false;
 
 			/* For debugging. */
-			prctl(PR_SET_NAME, (unsigned long) "runc:[0:PARENT]", 0, 0, 0);
+			prctl(PR_SET_NAME, (unsigned long)"runc:[0:PARENT]", 0, 0, 0);
 
 			/* Start the process of getting a container. */
 			child = clone_parent(&env, JUMP_CHILD);
@@ -702,7 +701,7 @@ void nsexec(void)
 						bail("failed to sync with child: write(SYNC_USERMAP_ACK)");
 					}
 					break;
-				case SYNC_RECVPID_PLS: {
+				case SYNC_RECVPID_PLS:{
 						first_child = child;
 
 						/* Get the init_func pid. */
@@ -781,16 +780,16 @@ void nsexec(void)
 			exit(0);
 		}
 
-	/*
-	 * Stage 1: We're in the first child process. Our job is to join any
-	 *          provided namespaces in the netlink payload and unshare all
-	 *          of the requested namespaces. If we've been asked to
-	 *          CLONE_NEWUSER, we will ask our parent (stage 0) to set up
-	 *          our user mappings for us. Then, we create a new child
-	 *          (stage 2: JUMP_INIT) for PID namespace. We then send the
-	 *          child's PID to our parent (stage 0).
-	 */
-	case JUMP_CHILD: {
+		/*
+		 * Stage 1: We're in the first child process. Our job is to join any
+		 *          provided namespaces in the netlink payload and unshare all
+		 *          of the requested namespaces. If we've been asked to
+		 *          CLONE_NEWUSER, we will ask our parent (stage 0) to set up
+		 *          our user mappings for us. Then, we create a new child
+		 *          (stage 2: JUMP_INIT) for PID namespace. We then send the
+		 *          child's PID to our parent (stage 0).
+		 */
+	case JUMP_CHILD:{
 			pid_t child;
 			enum sync_t s;
 
@@ -799,7 +798,7 @@ void nsexec(void)
 			close(sync_child_pipe[1]);
 
 			/* For debugging. */
-			prctl(PR_SET_NAME, (unsigned long) "runc:[1:CHILD]", 0, 0, 0);
+			prctl(PR_SET_NAME, (unsigned long)"runc:[1:CHILD]", 0, 0, 0);
 
 			/*
 			 * We need to setns first. We cannot do this earlier (in stage 0)
@@ -901,13 +900,13 @@ void nsexec(void)
 			exit(0);
 		}
 
-	/*
-	 * Stage 2: We're the final child process, and the only process that will
-	 *          actually return to the Go runtime. Our job is to just do the
-	 *          final cleanup steps and then return to the Go runtime to allow
-	 *          init_linux.go to run.
-	 */
-	case JUMP_INIT: {
+		/*
+		 * Stage 2: We're the final child process, and the only process that will
+		 *          actually return to the Go runtime. Our job is to just do the
+		 *          final cleanup steps and then return to the Go runtime to allow
+		 *          init_linux.go to run.
+		 */
+	case JUMP_INIT:{
 			/*
 			 * We're inside the child now, having jumped from the
 			 * start_child() code after forking in the parent.
@@ -921,7 +920,7 @@ void nsexec(void)
 			close(sync_child_pipe[1]);
 
 			/* For debugging. */
-			prctl(PR_SET_NAME, (unsigned long) "runc:[2:INIT]", 0, 0, 0);
+			prctl(PR_SET_NAME, (unsigned long)"runc:[2:INIT]", 0, 0, 0);
 
 			if (read(syncfd, &s, sizeof(s)) != sizeof(s))
 				bail("failed to sync with parent: read(SYNC_GRANDCHILD)");